Phishing for Dollars... if they can... they will

With browsers, web sites and financial institutions becoming more and more anti-phishing savvy, organized online crime also raises the bar.

For the first time, phishing attacks have outnumbered e-mails infected with viruses and Trojan horse programs. It must be working.

Phishing is getting much more sophisticated, as illustrated by another eBay knock-off that hit Germany on Thursday. The email itself claims that a direct debit order could not be processed and asks users to double-check their account details and enter the correct details. That's not so bad. However, clicking executes the attachment ('bill.exe'), which initiates a download of malicious code that hides in the background while the web page displays a PDF file.

TMCnet's Raju Shanbhag explains the new "Two-factor authentication": "Two-factor authentication involves the user entering pseudorandomly generated codes and a password. This method of authentication was developed after hackers used keyloggers to get the password and broke into the accounts. This pseudorandomly generated code can be used only once."

But just about as fast as the banks can protect themselves, online crime and terrorists program around it...

Raju continues... "The hackers have found a new workaround for this authentication tool. The man-in-the-middle attack hijacks a user session and users are lured into visiting a spoofed portal. This portal is hosted on a compromised machine and once the information is entered, such bank details and codes are relayed to the real bank site. Once the users have validated their identity on the real system by way of the compromised relay, hackers take over the session."

Most people think it can't happen here, but it's getting harder and harder to tell the difference between the good and the evil...

Raju continues... "To make the phishing e-mails more believable, they are becoming more personalized. While earlier attackers just sent phishing e-mails to a randomly selected list, nowadays these messages contain details about the banks, which the receiver actually uses. Also, many phishing Web sites are now using Flash content rather than HTML to escape anti-phishing technology deployed in modern Web browsers."

DTG(TM) and 60-Second Windows(TM) have been published continuously online since 1988. The Design & Publishing Center is a Spam-Free web site and welcomes your articles, comments and contributions. Graphic-Design.com and The Design & Publishing Center is a wholly owned subsidiary of Showker, Inc., TA. Showker Graphic Arts & Design, and is located in Harrisonburg, Virginia; in the Shenandoah Valley of Virginia, USA, established in 1972. 540-433-8402.